Latent Instruction Representation Alignment: defending against jailbreaks, backdoors and undesired knowledge in LLMs
LIRA is a novel LLM safety method that generalizes across multiple problems (jailbreaks, backdoors, unlearning) with strong empirical results.
LIRA defends LLMs against jailbreaks, backdoors, and undesired knowledge by training the model to change how it interprets instructions, blocking over 99% of PEZ jailbreak attacks and achieving optimal forgetting on WMDP cyber with negligible loss of benign capabilities.
We address jailbreaks, backdoors, and unlearning for large language models (LLMs). Unlike prior work, which trains LLMs based on their actions when given malign instructions, our method specifically trains the model to change how it interprets instructions. Our method, Latent Instruction Representation Alignment (LIRA), greatly improves generalization. We further boost generalization through an internally adversarial training algorithm. Our methods block over 99% of PEZ jailbreak attacks; remove a challenging insecure code backdoor; and achieve optimal forgetting on WMDP cyber with negligible loss of benign capabilities.